CVE-2025-23408
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-18
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | fineract | to 1.11.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-521 | The product does not require that users should have strong passwords. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Apache Fineract involves weak password requirements, which means the system allows users to set passwords that are not strong enough to provide adequate security. This weakness can make it easier for attackers to guess or crack passwords and gain unauthorized access.
How can this vulnerability impact me? :
The impact of this vulnerability is that attackers could exploit weak password policies to gain unauthorized access to the Apache Fineract system. This could lead to data breaches, unauthorized transactions, or other malicious activities compromising the confidentiality and integrity of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Weak password requirements can lead to non-compliance with security standards and regulations such as GDPR and HIPAA, which mandate adequate security controls to protect sensitive data. Failure to enforce strong password policies may result in violations of these regulations, potentially leading to legal and financial penalties.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Apache Fineract to version 1.11.0 or later, preferably to the latest release 1.13.0, as the vulnerability is fixed starting from version 1.11.0.